Issue with virus on Dropbox within company network

Hello Experts,

We have a customer with 80 users on a server 2003 domain, they use dropbox for spare files and it seems that ist has become infected and drop box is connected with al the uses, we have had an outbreak of malware and trojans from dropbox and gone everywhere. They use Sophos AV, question for you guys is what do we do next?

Kind Regards,

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Alan HardistyCo-OwnerCommented:
You need to make sure you clean up all computers to eliminate all viruses that are found on the computers and once you know you are free from infection, you can ask Dropbox to restore the files for you (which may take a week or so).  Make sure you recover them from before the virus struck.  Alternatively, if you have the files backed up somewhere, you can restore from there, wait until they push to Dropbox and then propagate back down to all the local machines.

If you don't already, you need to be backing up the Dropbox files to a remote location with the ability to recover various versions of the files, so if something becomes infected, you can easily revert to a previous version.

Davis McCarnOwnerCommented:
First, you need to identify the file in dropbox which is causing the grief.  I have found that the ESET Online Scanner or Hitman Pro are both very good at finding things which have hidden themselves from the local A/V.
btanExec ConsultantCommented:
It is best for a user to have the Dropbox desktop client in order to safeguard and enforce scanning. All files dropped into the synced folder will upload and download to/from cloud storage. User should ensure their scanner’s default folder scanning also include this sync folder minimally and for any active access on document scanning to be checked - for case of use of Symantec SEP, it has Auto-protect for such remote use case @
I believe Sophos scanning regime using run Anti-Virus and HIPS will have a better safeguard to detect infected document too - see

But of course if the document is obscured by password protected or machine is not patched up to date for any "zero days" or old AV signature, the infection is still possible on download from the shared Dropbox folder...
Chris HInfrastructure ManagerCommented:
Dropbox doesn't use VirusTotal to hash comparison uploaded files for suspected Malware?  That's just sad and ridiculous.

So a hacker can compromise an account and blast out https:// trash links to everyone using the reputation of a digicert'd, third-party trusted host.
btanExec ConsultantCommented:
Dropbox is just a jumping platform for attacker to lie their commands to the infected machine to execute certain task or retrieve more instruction for Enterprise that allow Dropbox access via their machine and network. Typical online storage can be blocked or restricted access from web proxy and content filter technology.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.